Secondary menu

You are here

TechSec

When we did an educational session at TechSec 2014 about the possibility of security systems falling victim to an APT (advanced persistent threat), cybersecurity wasn't something we heard about every day at Security Systems News. Here's a link to a story about that educational session.

Times have changed. As we do advance ISC West show reporting this year, cybersecurity is cropping up over and over again.

A standard story we do each year is about the biggest booths at ISC West. Here's a link to the story, which is in our newswire today. Spencer spoke to three of the largest exhibitors for the story. Asked what they'll be talking about in Vegas, two of those exhibitors, Hikvision and Axis, are leading with their cybersecurity efforts. The third, Hanwha Techwin (formerly Samsung Techwin), is focused on its new name first, which makes sense. However, Hanwha's Tom Cook said cybersecurity was an important topic of discussion at the manufacturer's recent dealer meeting and said it's a topic the company will be talking more about.

We've continued to talk about cybersecurity at TechSec in 2015 and 2016. This year we had Rodney Thayer at TechSec and at Cloud+ talking about cyber, both sessions were highly rated by attendees. Thayer is an excellent presenter—super knowledgeable and amusing too. He's leading an educational session at ISC West called "Cybersecurity: Three steps to counter external attacks on physical security systems" on Thursday, April 7, from 3:30 - 4:15 in Casanova 603. My guess is that it will be a worthwhile session to attend.

Security Systems News has been on this story for more than two years, and we'll continue to keep you informed. If you hear of any particularly impressive or interesting cybersecurity efforts or stories, please let me know. I can be reached at mentwistle@securitysystemsnews.com.

DELRAY BEACH, Fla.—Cloud pioneers—security manufacturers who say they’re fully committed to cloud-based systems—believe it’s only a matter of time before all security systems rely, to some degree, on the cloud.

Exec ed Martha Entwistle and I had an excellent conference call yesterday with SSN’s TechSec Advisory Board. We’re gearing up for the annual conference on new and emerging technology, and our advisors assist us as we determine programming.

One thing I can say at this point is that the educational sessions at the TechSech conference Feb. 2-3 will be different from what you’ve heard over and over again. I attended ISC West and ESX, and the people I met with and the panelists at the sessions I attended were certainly very smart and at the top of their games, reinforcing topics we’ve heard about for months and have written about. But I was left with the questions, “Are there new takes on these persistent topics? What angles haven’t been pursued?” We want to dive deeper at TechSec. And we will.

The conversation Martha and I had with our advisors led to some interesting, topical points. We’ll be announcing the program and panelists soon. You can check out last year’s educational here for a feel of what we’ll be aiming at, bigger and even better in 2016. It will be great, and you can hold me to that!

I especially like how we have some of our past “20 under 40” winners on our advisory board: Ralph Nerette, Sharon Shaw and Jeremy Brecher. (We know how to pick them!) Along with input from longtime industry pros, they provide us with unique perspectives and know what those in the industry want and need to know in today’s fast-changing security environment.

PROVO, Utah—Joe Albaugh, who today joined Vivint in the newly created position of chief security officer, brings significant cyber expertise, having previously served as chief information security officer at the U.S. Department of Transportation and also at the Federal Aviation Administration.

RA’ANANA, Israel and LOS ANGELES, Calif.—NICE Systems and UNICOM Government are providing a runway incursion detection system to secure the airfield operations area at Miami International Airport, the companies announced.

That question, the basis of a TechSec forum in February, came to mind again this week with the release of Alert Logic’s “State of Cloud Security Report—Fall 2012.” The company, a provider of security solutions for the cloud, issued the report after analyzing more than 70,000 security incidents among 1,600 business customers.

Among the key conclusions was that “on-premise IT infrastructure is more likely to be attacked, more often, and through a broader spectrum of attack vendors than cloud-based infrastructures.” The report also cited a higher incidence of “brute force attacks and reconnaissance attacks” in on-premise environments.

The findings echo one of the points made at TechSec: While many security companies don’t trust their data in the cloud, having it on-site doesn’t guarantee it’s going to be safe.

“[Cloud] security is far greater than open data systems,” said TechSec panelist Brian McIlravey, co-CEO of PPM 2000, a manufacturer of incident reporting and investigation management software. “The enterprise-class cloud is very secure. Third parties that hold data take it very seriously—we don’t want it accessed any more than you do.”

McIlravey stressed due diligence when selecting and moving data to a cloud provider, including asking for certification and knowing what is covered in the service-level agreement. He said the same scrutiny should occur internally in the company that is moving data off-site.

“The cloud provider must have certification, but you should be asking the same questions of your IT group,” McIlravey said, referring to data access, encryption and other safeguards.

Due diligence aside, skepticism could well linger in the security industry because of the “myth” that the cloud isn’t as secure as on-site environments, said Stephen Coty, research director at Alert Logic.

“[It] is a stereotype that has prevented the industry from focusing on the real issues impacting enterprise security,” he said in a news release announcing the fall 2012 report. “Rather than falling victim to perception-based beliefs, businesses should leverage factual data to evaluate their vulnerabilities and better plan their security posture.”

DELRAY BEACH, Fla.—In deciding to use bleeding-edge technology, you need to eliminate legacy alternatives, weigh the risks and rewards, ensure all stakeholders are informed and aboard, and then proceed very, very carefully, according to Kevin Engelhardt, VP of security operations for Diebold, and Phil Santore, principal and managing partner for consulting group DVS.

That was the standard for the security industry 20 years ago, as cited by Edward Levy, VP and global head of security for Thomson Reuters, during his keynote address at last week’s TechSec conference in Delray Beach, Fla. But while technology has clearly raised the bar since then, allowing many companies to reduce the number of boots on the ground, a contradictory fact remains: The age of the guard is not over.

To prove the point, look no further than the streets of New York, where SecureWatch24 has announced plans to move aggressively into guard services. The company was recently awarded a contract to supply unarmed guards at an Ivy League alumni club in Manhattan, and it intends to continue to push into this segment with its own training program.

“We’re moving into the guard sector in a big way,” said Jay Stuck, VP of sales and chief marketing officer for SW24, which specializes in property surveillance and video monitoring. “We think it’s pretty compatible with the technology initiatives we have going right now. Our view is that the two can work hand in hand. … At the end of the day, you’re still going to need guys in navy blazers.”

DELRAY BEACH, Fla.—Video analytics is clawing its way back from a bad reputation caused by early cases of overpromising and under-delivering and one manufacturer predicted the technology would go “mainstream” within two years. Those were some of the views on video analytics shared by experts during a panel discussing the topic at this year’s TechSec conference.

While sunny Florida hasn’t quite lived up to its billing—blue sky has been scarce, at least so far —the eighth annual TechSec, a two-day conference being held in Delray Beach, is definitely meeting expectations.

Many of the security industry’s top players are here, and the presentations and discussions have been lively. The monitoring world was well represented at Tuesday’s session, with Morgan Hertel, VP and general manager for Mace CS, and Jerry Cordasco, VP of operations for G4S Technology, among the presenters. Do video analytics really work? Is your cloud provider secure? Those were among the topics debated, with some energetic exchanges between the audience and the experts on the dais.

Day Two kicked off with William Rhodes, a market analyst for IMS Research, giving TechSec attendees a look at what to expect in video surveillance technology in 2012 and beyond. The rest of the day features sessions on implementing current vs. emerging technology in long-term projects; PIV (personal identity verification) being propelled into the private sector; and SaaS (software as a service) and ROI for the end user.

The conference wraps up with the next generation of security practitioners discussing new technology and how it will affect the industry. Four members of Security Directors News’ “20 Under 40” class of 2012 are on the panel, including Whit Chaiyabhat, director of emergency management and operational continuity at Georgetown University, and Christopher Chapeta, physical security specialist for Chevron.

I had the chance to talk with both of them yesterday, and for anyone in the security industry skeptical of those who have grown up with the Internet, cellphones and social media, I have good news: If these folks are typical of those who will guide the industry in the future, it’s in good hands.

For those who couldn’t join the TechSec this year, there’s always 2013. And you can get a taste of what you missed in the coming days in SSN.